执行 C 程序,出现 AddressSanitizer的错误,详细错误如:
==9016==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000003338 at pc 0x00000060b262 bp 0x7ffe4bba1a70 sp 0x7ffe4bba1a6818:19:02 READ of size 8 at 0x602000003338 thread T018:19:02 ==9016==WARNING: invalid path to external symbolizer!18:19:02 ==9016==WARNING: Failed to use and restart external symbolizer!18:19:02 #0 0x60b261 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x60b261)18:19:02 #1 0x606109 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x606109)18:19:02 #2 0x53541a (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x53541a)18:19:02 #3 0x51e689 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x51e689)18:19:02 #4 0x501ae5 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x501ae5)18:19:02 #5 0x5027f7 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x5027f7)18:19:02 #6 0x502e82 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x502e82)18:19:02 #7 0x50de12 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x50de12)18:19:02 #8 0x538bca (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x538bca)18:19:02 #9 0x520aa9 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x520aa9)18:19:02 #10 0x50db2a (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x50db2a)18:19:02 #11 0x4deb50 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4deb50)18:19:02 #12 0x4deae3 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4deae3)18:19:02 #13 0x7f4d12486b96 (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)18:19:02 #14 0x42db59 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x42db59)18:19:0218:19:02 0x602000003338 is located 8 bytes inside of 16-byte region [0x602000003330,0x602000003340)18:19:02 freed by thread T6 here:18:19:02 #0 0x4dc92d (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4dc92d)18:19:02 #1 0x606d01 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x606d01)18:19:02 #2 0x5f6f93 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x5f6f93)18:19:02 #3 0x7f4d14c8b6da (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)18:19:0218:19:02 previously allocated by thread T6 here:18:19:02 #0 0x4dc0cd (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4dc0cd)18:19:02 #1 0x606a94 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x606a94)18:19:02 #2 0x5f6f93 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x5f6f93)18:19:02 #3 0x7f4d14c8b6da (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)18:19:0218:19:02 Thread T6 created by T0 here:18:19:02 #0 0x4949cc (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4949cc)18:19:02 #1 0x5f69e4 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x5f69e4)18:19:02 #2 0x605c8e (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x605c8e)18:19:02 #3 0x53541a (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x53541a)18:19:02 #4 0x51e689 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x51e689)18:19:02 #5 0x501ae5 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x501ae5)18:19:02 #6 0x5027f7 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x5027f7)18:19:02 #7 0x502e82 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x502e82)18:19:02 #8 0x50de12 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x50de12)18:19:02 #9 0x538bca (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x538bca)18:19:02 #10 0x520aa9 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x520aa9)18:19:02 #11 0x50db2a (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x50db2a)18:19:02 #12 0x4deb50 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4deb50)18:19:02 #13 0x4deae3 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x4deae3)18:19:02 #14 0x7f4d12486b96 (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)18:19:0218:19:02 SUMMARY: AddressSanitizer: heap-use-after-free (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x60b261)18:19:02 Shadow bytes around the buggy address:18:19:02 0x0c047fff8610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa18:19:02 0x0c047fff8620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa18:19:02 0x0c047fff8630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa18:19:02 0x0c047fff8640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa18:19:02 0x0c047fff8650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa18:19:02 =>0x0c047fff8660: fa fa fa fa fa fa fd[fd]fa fa fd fd fa fa fd fd18:19:02 0x0c047fff8670: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa18:19:02 0x0c047fff8680: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fa18:19:02 0x0c047fff8690: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fa18:19:02 0x0c047fff86a0: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fa18:19:02 0x0c047fff86b0: fa fa fd fd fa fa fd fa fa fa fd fd fa fa fd fa18:19:02 Shadow byte legend (one shadow byte represents 8 application bytes):18:19:02 Addressable: 0018:19:02 Partially addressable: 01 02 03 04 05 06 0718:19:02 Heap left redzone: fa18:19:02 Freed heap region: fd18:19:02 Stack left redzone: f118:19:02 Stack mid redzone: f218:19:02 Stack right redzone: f318:19:02 Stack after return: f518:19:02 Stack use after scope: f818:19:02 Global redzone: f918:19:02 Global init order: f618:19:02 Poisoned by user: f718:19:02 Container overflow: fc18:19:02 Array cookie: ac18:19:02 Intra object redzone: bb18:19:02 ASan internal: fe18:19:02 Left alloca redzone: ca18:19:02 Right alloca redzone: cb18:19:02 ==9016==ABORTING
由于错误中,没有 stack frame信息,无法从错误信息中识别出具体的代码段。
可以通过 addr2line 工具分析执行文件。
首先,一定是执行出错的运行程序。
通过 addr2line -e <object> <address> 查看地址对应的代码行。前提是需要执行程序是 debug 版本。
如上述错误:
18:19:02 ==9016==WARNING: Failed to use and restart external symbolizer!
18:19:02 #0 0x60b261 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x60b261)
18:19:02 #1 0x606109 (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x606109)
18:19:02 #2 0x53541a (/tmp/ramdisk/gn_out/build/linux/x64/smoke+0x53541a)
可执行 addr2line -e ./smoke 0x60b261,输出如下:
/tmp/jenkins/rte_platform/out/linux/x64/../../../src/robox_framework/binding/cpp/box.h:91
heap-user-after-free 错误,一般是在线程 A 中释放了一段内存,在线程 B 中继续访问该段内存 (可能是其中的一部分,不一定是从起始位置)。
如上述错误中的第一行:
==9016==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000003338 at pc 0x00000060b262 bp 0x7ffe4bba1a70 sp 0x7ffe4bba1a68
指出访问的地址是 0x602000003338。
第 21 行指出该地址被释放的原因:
18:19:02 0x602000003338 is located 8 bytes inside of 16-byte region [0x602000003330,0x602000003340)
18:19:02 freed by thread T6 here:
是被线程 T6 释放,释放的对象的内存空间是 0x602000003330 到 0x602000003340,而 0x602000003338 在这段内存范围内。
若有收获,就点个赞吧
0 人点赞
